For the *_count fields, bounded searches only include already-terminated processes. Unbounded searches include all processes.
For example, a search for netconn_count:[1 TO 100] returns results selected from processes that the sensor has reported with process_terminated:true.
By comparison, a search for netconn_count:[1 TO *] returns results from all processes irrespective of the state of process_terminated.
This applies to the following search fields:
childproc_countcrossproc_countfilemod_countmodload_countprocess_countregmod_countscriptload_count
